5135 matches found
Udemy: AWS S3 bucket writable for authenticated aws user
Hey, I found an open S3 Amazon bucket udemy-maven. While I can’t confirm if you own it or not, it appears that it is publicly writable using the aws cli. When I write to udemy-maven, I get: move: ./test.txt to s3://udemy-maven/test.txt And also when I remove file, I get: delete:...
CVE-2016-2084
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
Default configuration
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
CVE-2016-2084
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
CVE-2016-2084
CVE-2016-2084 affects F5 BIG-IP and BIG-IQ cloud deployments (AWS, Azure, Verizon) where certificates and keys are not regenerated during deployment, allowing potential disclosure of sensitive data or disruption. The root cause is improper regeneration of certificates/keys when deploying cloud im...
SOL11772107 - BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084
Note: Upgrading a vulnerable version to a not vulnerable version will not mitigate this issue; performing an upgrade on a vulnerable instance will cause the instance to remain vulnerable after the upgrade. Furthermore, any backups that are made from a vulnerable instance and restored to a not...
Amazon Web Services EC2 Instance Metadata Enumeration (Windows)
Binary data enumerateawsamiwin.nbin...
X (Formerly Twitter): niche s3 buckets are readable/writeable/deleteable by authorized AWS users
Hi All, I've discovered that the AWS buckets by niche, niche-s3-production, is accessible for authorized AWS users using the AWS command line tools. Issue As such, I have confirmed: - I can list all files in the bucket with the command aws s3 ls s3://niche-s3-production - I can copy files from th...
RHEL 6 : jboss-ec2-eap (RHSA-2016:0598)
A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.7 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Moderate: Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update
A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.7 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
HackerOne: AWS S3 bucket writeable for authenticated aws users
Hi All, I know that hackerone-attachments is used for file uploads on reports and so I did a quick scan for similar buckets and found . While I can't confirm if you own it or not, it appears that it is publicly writable using the aws cli. When I tried to write to hackerone-attachments, I get: "mo...
PBS KIDS Party - AWS Credentials, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application PBS KIDS Party published at the 'play' market has multiple vulnerabilities...
Baby Sign and Sing Lite - AWS Credentials, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Baby Sign and Sing Lite published at the 'play' market has multiple vulnerabilities...
Lottie Dottie Chicken - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Lottie Dottie Chicken published at the 'play' market has multiple vulnerabilities...
Pango FREE - AWS Credentials, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Pango FREE published at the 'play' market has multiple vulnerabilities...
PlayKids Talk Messenger 4 Kids - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application PlayKids Talk Messenger 4 Kids published at the 'play' market has multiple vulnerabilities...
Trucktown: Scrap Yard Scramble - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Trucktown: Scrap Yard Scramble published at the 'play' market has multiple vulnerabilities...
Psych! Outwit Your Friends - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Psych! Outwit Your Friends published at the 'play' market has multiple vulnerabilities...
Dropwords - AWS Credentials, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Dropwords published at the 'play' market has multiple vulnerabilities...
WordBuzz: The Honey Quest - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application WordBuzz: The Honey Quest published at the 'play' market has multiple vulnerabilities...